Fraudulent Credit Card Charges? Your Band Merchandise Purchase May Have Been Hacked.

Posted on behalf of Arnold Law Firm in
NOTICE: If you reside in California, made an online purchase on a Warner Music Group e-commerce website between April 25, 2020, and August 5, 2020 and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.
“Just had an e-mail this morning from Warner Music Group saying security had been breached and account details had been acquired,” user u/Way2Competitive posted on Reddit on August 24, 2020. “If anyone else has bought Dance Gavin Dance merch through their website, might be worth a check to make sure everything looks ok!”

The user went on to share the Data Breach Notice that Warner Music Group (WMG) submitted to the State of California Department of Justice Attorney General. On August 5, 2020, WMG discovered that an unauthorized third party had compromised a number of e-commerce websites operated by WMG that are hosted and supported by an external service provider. The security incident allowed the third party access to customer personal information entered into the affected websites during transactions between April 25, 2020 and August 5, 2020.

Was Your Card Compromised?

If you made a purchase from a music band website between April 25, 2020, and August 5, 2020, it’s worth looking into. Let’s look at the example above. u/Way2Competitive purchased merchandise from the Dance Gavin Dance band website during the data breach time window. Dance Gavin Dance is an American post-hardcore rock band from Sacramento, California. The band is currently with Rise Records, an independent record label that focuses on heavy metal and punk rock music artists. Rise Records is not a WMG label, so how was u/Way2Competitive’s transaction compromised? Rise Records has a distribution deal with Alternative Distribution Alliance, a distributor owned by WMG. WMG’s artist services business works with WMG artists, as well as artists not signed to its recording labels, to support both the commerce and marketing aspects of artists’ businesses. Because the Dance Gavin Dance website and its shopping cart are managed through WMG, the band website’s transactions were exposed to the Magecart attack, which skims payment card details, including card numbers, CVC/CVVs, and expiration dates.

How Can You Check?

Unfortunately, WMG has not disclosed a list of affected e-commerce websites, which makes it nearly impossible for shoppers to tell if they are at risk for identity theft and fraud. In fact, consumers may not even realize that they made a purchase from a WMG website, because it can be difficult to determine whether a music-related website is associated with WMG. If you made any recording artist-related purchase online from April to August, we suggest that you search your email folders for “notice of data breach” from WMG. These notices are commonly screened by spam filters and may not reach your inbox. Notices may also be sent via USPS delivery. WMG appears to still be in the process of notifying consumers who were affected by the security incident. WMG is directing questions about the security incident to 1-866-951-4190 or [email protected].

How Big Was the WMG Data Breach?

At this time, it is unknown how many consumers were affected by the WMG data breach. However, the music giant is associated with an estimated 65,000 songwriters, including Ed Sheeran, Lizzo, and Led Zeppelin. Three months of consumer transactions involving thousands of recording artist websites may have been compromised, which could potentially translate into credit card information stolen from millions of shoppers. On social media forums, disgruntled consumers have mentioned fraudulent credit card activity believed to be associated with various band website purchases, including:
  • Smashing Pumpkins
  • Grateful Dead
  • Gojira
  • Coldplay
  • Oliver Tree
  • Dance Gavin Dance
  • Kehlani
  • Lil Uzi
  • Neil Young
  • Gorillaz

I Got a WMG Data Breach Notice, Now What?

WMG is offering 12 months of identity monitoring services to affected customers at no cost. The company is also encouraging customers to monitor any unauthorized use of payment cards and suspicious email communications, particularly those purporting to come from WMG or any WMG-related websites. You may also want to investigate whether possible legal action applies to your situation, especially if you live in California. The California Consumer Privacy Act (CCPA) applies to companies that do business in California and collect personal information from California residents. The CCPA went into effect on January 1, 2020 and is considered to be one of the broadest state-level privacy laws in U.S. history. Among the rights the CCPA endows is the consumer’s right to bring an action for statutory damages if a data breach meets certain requirements.

If you reside in California, made an online purchase on a WMG e-commerce website between April 25, 2020 and August 5, 2020, and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible developing legal options.
